Australian Attorney-General Christian Porter has announced that Australian Information Commissioner and Privacy Commissioner Timothy Pilgrim is set to retire at the end of next month, with the search for a replacement to begin “soon”.
With Pilgrim’s departure, Australia looks set to once again enter the realm of commissioner limbo.
The Office of the Australian Information Commissioner (OAIC) has been in various hobbled states ever since the the Federal Budget of 2014 was handed down and it was slated to be disbanded.
However, the office struggled on without any funding set aside for it, thanks to an obstinate Senate refusing to pass the legislation that would abolish it.
After its near-death experience, the office was eventually handed AU$9.3 million annually for four years in the 2016 Budget, although that funding was mostly siphoned off the Australian Human Rights Commission. In addition, most of its freedom of information duties were sent to other parts of the Attorney-General’s Department.
Pilgrim has been in the role of privacy commissioner since July 2010, having previously served as deputy privacy commissioner from 1998, and, after a series of temporary rolling appointments over two years, finally became Australian Information Commissioner in September.
During Pilgrim’s time, Australians had their privacy and security eroded under the tenure of former Attorney-General George Brandis, who instituted mandatory data retention, sought to criminalise the re-identification of de-identified government data, and forced telcos to become beholden to the Attorney-General’s Department.
Brandis recently left the Senate to become the high commissioner in London.
His replacement praised Pilgrim’s “thoughtful and considered approach” during his time.
“Pilgrim has effectively governed the Office of the Australian Information Commissioner and has enhanced the office’s relevance in a continually evolving policy environment,” Porter said in a statement.
“The government will soon be undertaking a merit-based selection process to identify Mr Pilgrim’s replacement.”
Australia’s Notifiable Data Breaches scheme will take effect from Thursday, and will require organisations covered by the Privacy Act to notify individuals whose personal information is involved in a data breach that is likely to result in “serious harm” as soon as practicable after becoming aware of a breach.
The OAIC will create a public service privacy code following a number of privacy incidents with Australian governmental agencies.
Australia’s Privacy Commissioner has said the de-identification of data is an area requiring regulation, and that agreed industry standards could be useful to fill the public with confidence.
The Australian Privacy Commissioner, Timothy Pilgrim, has ruled that storing medical records in a garden shed is a failure to secure sensitive records.
The Office of the Australian Information Commissioner and Data61 have released a guide to assist organisations to appropriately de-identify data to meet requirements such as those mandated under the Privacy Act.
The office led by Information and Privacy Commissioner Timothy Pilgrim received 114 voluntary data breach notifications, 35 mandatory digital health data notifications, and 2,494 privacy-related complaints during the 12-month period.